Tarka Duhalde, Group Financial Controller, IRIS Software Group
Globally, cyber-attacks are on the rise, and many attacks are starting to target financial data specifically. A report by PwC found finance and accounting firms are already at a 30% higher risk of becoming victims of a cyber-attack.
Human error, ransomware, and phishing scams all pose significant threats to a company’s cybersecurity. But to make matters more complex, they can require separate solutions. This means – on top of the daily tasks of accounting, record keeping, budgeting and forecasting – finance professionals need to be aware of their cybersecurity posture. This is a challenge for all finance teams, but for those who are under-resourced and overworked, it can be even more difficult.
That said, not investing in cyber-secure practices can cost companies more time and money in the long run. And the costs these days aren’t only financial, an extensive cyber-attack can also impact a company’s reputation. Being unable to access critical data or having extensive downtime not only damages existing relationships but can also put a stop to new ones.
Protect from internal threats
Improving a company’s cybersecurity posture might sound like a complex task, especially if teams are unfamiliar with what this could entail, however, there are various simple steps which can be taken to tackle threats.
The flexible or hybrid working policy is a good place to start. Over the past couple of years, many businesses have rushed to implement software and services to support remote working without fully understanding the security implications and risks. Reviewing where any gaps might occur – or have already occurred – can put companies on the front foot when it comes to bolstering cyber defences.
Employees in an organisation should also not be overlooked, as they can play a huge role in becoming more secure. According to IBM, 95% of cybersecurity breaches are a result of human error. Plus, 43% of employees use personal devices for work activity without permission from IT. With this in mind, it’s important to provide training for all staff on cybersecurity best practices to ensure the cybersecurity posture is as robust as possible.
Manual processes are another area where the cybersecurity spotlight should be shone. The likes of excel spreadsheets should be used sparingly, not only are they inefficient for collaboration, but excessive spreadsheet use can generate security and integrity issues too. It’s nearly always better to opt for a user-friendly technology solution with a secure dashboard. If this solution is cloud-based, even better, as it will be accessible to everyone who needs it, wherever they are, in a secure manner – something that’s essential in today’s world of hybrid working.
Interrogate suppliers’ cyber posture
When onboarding a new supplier, it’s all to easy to overlook their own data protection and cybersecurity policy, risk profile and GDPR policy, especially when there’s a critical business need to implement their services, and quickly. However, for the sake of cybersecurity, it’s essential these policies are interrogated as thoroughly as a company’s own.
While price will always be a factor in deciding which supplier to go for, it shouldn’t always be about going with the cheapest option. In fact, going with the cheapest supplier policies might cost you more in the long run, especially if they have the laxest compliance. Businesses can face significant fines if they don’t take the necessary measures to protect their clients’ sensitive data. With a complex legislation landscape in the UK, and hefty fines for those who don’t remain compliant, this isn’t a risk companies should be willing to take.
While enhancing cybersecurity measures might look like a daunting task, there are some simple, yet effective measures companies can put in place to mitigate the risk of attack. From ensuring all employees have up-to-date phishing training to replacing manual processes with cloud-based software and more closely integrating suppliers’ cybersecurity measures, companies can create the best cyber shield to protect both themselves and their customers’ data in the long-run.